Active Cyber Defence (ACD) – The Second Year Report

The Active Cyber Defence (ACD) programme seeks to reduce the harm from commodity cyber attacks against the UK. The new report (PDF), written by the NCSC’s Technical Director Ian Levy, presents an honest analysis of the outcomes achieved in the ACD’s second year of operation. It covers a range of services from within the ACD programme, which includes:

  • Takedown Service: removing malicious content so it can’t cause harm
  • Mail Check: helping domain owners understand and control abuse of their email

    domains

  • Domain Discovery: helping system owners understand what internet domains they

    have registered

  • Web Check: proactively scanning websites for simple vulnerabilities and issues
  • Protective DNS: protecting the public sector at scale from harmful internet stuff
  • Routing and signalling: protecting the protocols that route our traffic around the

    world

  • Host-based capability: getting a handle on public sector IT
  • Vulnerability Disclosure Platform: making it easy to report vulnerabilities in govern

    ment services

  • Suspicious email incubator: building a service to help the public report on suspicious

    stuff and automatically take protective action

You can also read a blog post written by Ian Levy discussing the report and its impact.

Action Fraud issues warning after bogus traffic wardens steal bank cards

Individuals pretending to be police officers and traffic wardens are targeting members of the public.

• Increased number of reports to Action Fraud of fraudsters claiming to be police officers or traffic wardens.
• A number of reports have been linked to elderly and vulnerable victims.
• If your bank card is retained by an ATM machine, contact your bank immediately to inform them.

Action Fraud has received 33 reports since January 2019 of victims being targeted by individuals purporting to be police officers and traffic wardens. A number of these victims have been elderly and vulnerable.

The victims are being approached while in their car or in a car park and told by the suspect that they have parked illegally or broken a speed limit and that a photo has been taken of their car for evidence. Victims are advised that they will face a substantial penalty fine unless they pay a smaller upfront fee.

Victims, who opt for paying the smaller penalty, will be directed to a parking metre and asked to enter their card and PIN number. The cards are then retained by the machine and the fraudsters look over the victim’s shoulder to get their PIN number.

Protection advice

  • If you are suspicious about the authenticity of the fine, do not pay it until you have verified it with your local council.
  • Always shield your PIN from view when using an ATM machine, and never share your PIN with anyone.
  • If your bank card is retained by an ATM machine, contact your bank immediately to inform them.

Pauline Smith, head of Action Fraud, said: “This is a highly planned fraud that takes advantage of the pressure victims feel to pay the fine, especially by those who are elderly and vulnerable.

“It is important that people shield your PIN from view when using an ATM machine. We are urging people to be particularly cautious of anyone claiming to be from an official authority. If in doubt, verify the person’s identity with your local council or police force.”

Don’t let a scammer enjoy your retirement

Scammers are targeting pension pots of all sizes. Make sure you know how to spot the warning signs and how to keep your pension safe.

Pension scams can be hard to spot. Scammers can be articulate and financially knowledgeable, with credible websites, testimonials and materials that are hard to distinguish from the real thing.

How pension scams work

Scammers usually contact people out of the blue via phone, email or text, or even advertise online.

Scammers design attractive offers to persuade you to transfer your pension pot to them (or to release funds from it). It is often then:

  • invested in unusual and high-risk investments like overseas property, renewable energy bonds, forestry, storage units;
  • invested in more conventional products, but within an unnecessarily complex structure which hides multiple fees and high charges; or
  • simply stolen outright.

The warning signs

Scam offers often include:

  • Free pension reviews
  • Higher returns – guarantees they can get you better returns on your pension savings
  • Help to release cash from your pension, even though you’re under 55 (an offer to release funds before age 55 is highly likely to be a scam).
  • High pressure sales tactics – the scammers may try to pressure you with ‘time limited offers’ or even send a courier to your door to wait while you sign documents.
  • Unusual investments – which tend to be unregulated and high risk, and may be difficult to sell if you need access to your money.
  • Complicated structures where it isn’t clear where your money will end up.
  • Long-term pension investments – which mean it could be several years before you realise something is wrong.

4 simple steps to protect yourself from pension scams

Step 1 – Reject unexpected offers

If you’re contacted out of the blue about a pension opportunity, chances are it’s high risk or a scam. If you get a cold call about your pension, the safest thing to do is to hang up – it’s illegal and probably a scam.

Be wary of offers of free pension reviews. Professional advice on pensions is not free – a free offer out of the blue from a company you have not dealt with before is probably a scam.

And don’t be talked into something by someone you know. They could be getting scammed, so check everything yourself.

Step 2 – Check who you’re dealing with

  • Check the Financial Services Register to make sure that anyone offering you advice or other financial services is authorised by the Financial Conduct Authority (FCA), and they are permitted to provide those services in relation to pensions. If you need any help checking, call the FCA Consumer Helpline on 0800 111 6768.
  • Check they are not a clone – a common scam is to pretend to be a genuine FCA authorised firm (called a ‘clone firm’). Always use the contact details on the Register, not the details the firm gives you.

Step 3 – Don’t be rushed or pressured

  • Take your time to make all the checks you need – even if this means turning down an ‘amazing deal’. Be wary of promised returns that sound too good to be true and don’t be rushed or pressured into making a decision.

Step 4 – Get impartial information or advice

You should seriously consider seeking financial guidance or advice before changing your pension arrangements.

  • The Pensions Advisory Service – provide free independent and impartial information and guidance.
  • Pension Wise – If you’re over 50 and have a defined contribution pension, Pension Wise offers pre-booked appointments to talk through your retirement options.
  • Financial advisers – It’s important you make the best decision for your own personal circumstances so you should seriously consider using the services of a financial adviser. If you do opt for an adviser, be sure to use an adviser that is regulated by the FCA and never take advice from the company that contacted you or from someone they recommend, as this may be part of the scam.

If you suspect a scam, report it

  • Report to Action Fraud – If you suspect a scam you should report it to Action Fraud on 0300 123 2040 or at www.actionfraud.police.uk.
  • If you’ve agreed to transfer your pension and now suspect a scam, contact your pension provider straight away. They may be able to stop a transfer that hasn’t taken place yet. If you are unsure of what to do contact The Pensions Advisory Service for help on 0800 011 3797.

Counter-fraud measures are to be set up for the apprenticeship funding programme

Counter-fraud measures are to be set up for the apprenticeship funding programme, the government has insisted, amid warnings from the National Audit Office that not enough care is being taken to prevent a repeat of the Individual Learning Accounts fiasco.
Worried about the repeat of the multi million pound fraud 15 years ago, the NAO has found that the Department for Education still has no contingency plan if levy and funding reforms do not work out as planned.
The DfEhas stated “We are working closely with colleagues from across Government to implemnt counter-fraud measures for the new funding system”
The failure of the Individual Learning Accounts scheme led to a reported £67 million fraud after abuse of systems by unscupulous and fraudulent providers and suppliers.
But, a damning report from the NAO has raised concerns that lessons have not been learned, raising the risk of “market abuse” as it warned that not enough has been done to ensure robust control mechanisms are in place to identify how providers,employers and assessment bodies implement and manage the scheme.

The Times suggests that the intrduction of the levy could lead to Shocking and prevalent examples of fraud” unless robust safeguards are put in place. The levy on the payroll bills of large employers is expected to generate £3 billion a year in 2019/20,
triggering concerns about the risk of some employers and training providers using “questionable work arounds” to access and misuse public funding.
The warning was issued as new figures reveal that 114 cases of suspected fraud or misappropriation of funding were investigated by the Skills Funding Agency over a 3 year period.

An insightful webinar for prospective and existing training providers who are about to apply or resubmit RoATP applications.

About this Event

Are you an apprenticeship provider, employer provider or supporting provider who is about to resubmit an application for RoATP?

Are you contemplating your first application to become an ESFA approved apprenticeship provider?

https://www.eventbrite.co.uk/e/roapt-toolkit-webinar-tickets-63779627583

Tackling Economic Crime Awards (TECAs)

The Tackling Economic Crime Awards which were launched earlier this year – which we are proud to be supporting.  The TECAs are an independent awards scheme which serve to acknowledge and reward those who make a significant contribution in tackling all areas of economic crime such as fraud, money laundering, bribery and corruption.

The TECAs are free to enter and open to organisations, teams and individuals working in the UK; operating in the public, private and third sectors.

Entry is open until 1st August 2019 and nominations are invited in the following categories:

Outstanding Manager or Director                       Outstanding Team

Outstanding Customer Service Initiative              Outstanding New Product

Outstanding Training Initiative                            Outstanding Partnership

Outstanding Investigator                                    Outstanding Policing Initiative

Outstanding Young Professional                        Outstanding Cyber Company

Outstanding Female Professional                      Outstanding Prevention Initiative

Lifetime Achievement Award

Winners will be announced on Monday, 9th December 2019 at a prestigious awards dinner to be held at the Sheraton Grand Park Lane Hotel in central London.

If you, your organisation or someone you know has made a significant contribution in tackling any area of economic crime we urge you to enter to be in with a chance to be formally recognised.

More information about the TECAs can be found at www.thetecas.com

CIFAS Report – Fraud continues ‘inexorable’ rise in the UK as new annual figures show 6% increase

  • Identity fraud reaches record highs, with plastic cards and online retail hardest hit
  • Over 60s and under 21s increasingly targeted age groups, seeing significant increases in victims
  • Just under 190,000 cases of identity fraud reported in 2018 – an unprecedented amount

Cifas, the UK’s fraud prevention service, today paints an alarming picture of fraud in the UK with the release of Fraudscape, the annual publication of its data that identifies and analyses the country’s fraud trends based on 323,660 cases of fraudulent conduct recorded in 2018. The data, from over 470 organisations, including major UK brands from across the sectors, is one of the most comprehensive pictures of fraud and fraudulent attempts in the UK.

With an overall increase of 6% in cases recorded by Cifas members, the new figures show significant areas of concern.

Key findings from the Cifas’ annual report Fraudscape include:

Identity fraud reach record highs with plastic cards taking the brunt of the fraud. Identity fraud significantly increased in 2018, with 189,108 cases recorded an 8% increase on 2017’s figures. Plastic cards were hit the hardest with 82,608 reports of fraud, up 41% from 2017. More fraud means more victims – 19 out of 20 frauds involved a victim left to pick up the pieces.

Cifas reports increases in identity fraud across all age groups but particularly the young and old. Victims aged 21 and under rose 26%, while the over-60s saw an alarming 34% increase on the previous year. As older people are more likely to be approved for credit and their online presence grows, fraudsters are increasingly targeting them online: in 2018 more than 33,000 over-60s were the victim of identity fraud.

Cases which are indicative of money mule activity are up across the board with a 26% increase from 2017, and Cifas has seen a steep incline in those aged 40- 60 becoming involved in such activity, increasing 35%.  This illustrates that being drawn into such criminality is not a problem limited to younger generations.

Chief Executive Officer of Cifas, Mike Haley, says:
“Fraud in the UK continues to rise and fraudsters are constantly finding new methods of committing fraud. From identity theft through to using the young and naïve as money mules to launder money, the economic and social harm to the nation is growing. The only way to fight the threat is to combine communication and collaboration, working together to present a united front against the perpetrators. As no one can expect to deliver effective defense against ever-present threats without the full picture, Fraudscape is a crucial weapon in fraud prevention, allowing us to see where the current attacks are coming from and where future dangers lie.’

https://www.cifas.org.uk/newsroom/fraudscape-2019-release

How a ransomware attack cost one firm £45m

When malicious hackers disable your business and demand a ransom, should you pay up? Many firms do out of desperation, turning to intermediaries to help broker the deal. But law enforcement says this just makes things worse.

Imagine the excitement when hackers gained a foothold in the computer system of Norsk Hydro, a global aluminium producer.

We don’t know when it was, but it’s likely that once inside they spent weeks exploring this group’s IT systems, probing for more weaknesses.

When they eventually launched their ransomware attack, it was devastating – 22,000 computers were hit across 170 different sites in 40 different countries.

https://www.bbc.co.uk/news/business-48661152

HMRC Alert

Courier Fraud Alert – 04/06/2019